In recent years, consumer electronics built on open platforms have rapidly become widespread. Such consumer electronics can download applications (also referred to as apps), as personal computers (PCs) can. Future consumer electronics will be able to expand their functionality by adding various kinds of extra hardware, as PCs do. To make this functional expansion possible, the consumer electronics need to have device drivers installed.
A PC or a consumer electronics device on which a device driver can be installed faces a greater threat than an appliance on which only application software can be installed. Conventional application software runs in user space. In contrast, the device driver runs in kernel space.
Thus, a malicious user can design malware which runs in kernel mode, distribute the malware as a device driver, and let a legitimate user install the device driver on his or her terminal. Once the malware runs in kernel mode, the malicious user poses the threat of freely tampering with memory in process space.
In order to execute a desired operation, a typical process has a shared library loaded in the process space. The shared library is prepared to be shared by two or more processes.
The shared library is stored as a static file in a non-volatile memory. When a process that uses the shared library runs, a linker/loader loads the static file from the non-volatile memory into volatile memory. Then, the loaded file is mapped as an executable file in the process space, in both a physical address page and a virtual address page.
Thus, the shared library in the process space is mapped at a certain virtual address. Suppose two or more processes use one single shared library. Even though a virtual address in which the shared library is mapped is different in each of the processes, the physical address corresponding to the virtual address tends to indicate a single region among the processes. This configuration prevents memory waste even though the shared library is loaded in two or more processes.
This configuration, however, could be fraudulently used. Specifically, malware which runs in the kernel mode is fraudulently installed to tamper with a shared library in a process space. Then, the tampering inevitably influences all the processes using the tampered shared library. Suppose, for example, a standard library for accessing a file loaded in a volatile memory is tampered with. In such a case, the tampering affects an application process for reproducing music, images, and pictures from files.
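The sharing described above can be made visible from the defender's side. The following Python example is an added illustration, not part of the original text: it assumes a Linux-style `/proc/<pid>/maps` listing, and the process names, paths, addresses and inode numbers are constructed sample data. It groups executable, file-backed mappings by backing file to show that one library is mapped at different virtual addresses in each process while being backed by the same file, which is the set of processes a tampered copy would influence.

```python
import re
from collections import defaultdict

# Constructed sample: /proc/<pid>/maps excerpts for two hypothetical processes.
SAMPLE_MAPS = {
    "player": """\
00400000-0040c000 r-xp 00000000 08:01 1311 /usr/bin/player
7f3a10000000-7f3a101c0000 r-xp 00000000 08:01 2049 /lib/libc.so.6
7f3a101c0000-7f3a101c4000 rw-p 001c0000 08:01 2049 /lib/libc.so.6
7ffd5a000000-7ffd5a021000 rw-p 00000000 00:00 0 [stack]
""",
    "viewer": """\
00400000-00418000 r-xp 00000000 08:01 1377 /usr/bin/viewer
7f91c4000000-7f91c41c0000 r-xp 00000000 08:01 2049 /lib/libc.so.6
7f91c41c0000-7f91c41c4000 rw-p 001c0000 08:01 2049 /lib/libc.so.6
""",
}

# Fields: start-end perms offset dev inode [path]
LINE = re.compile(
    r"^([0-9a-f]+)-([0-9a-f]+) (\S{4}) ([0-9a-f]+) (\S+) (\d+)\s*(.*)$")

def executable_file_mappings(maps_text):
    """Yield (dev, inode, path, start) for file-backed executable mappings."""
    for line in maps_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        start, _end, perms, _off, dev, inode, path = m.groups()
        # inode 0 means anonymous memory (stack, heap), not a library file.
        if "x" in perms and inode != "0":
            yield dev, int(inode), path, int(start, 16)

def shared_code(maps_by_process):
    """Map each backing file to the processes executing it and where."""
    users = defaultdict(dict)
    for name, text in maps_by_process.items():
        for dev, inode, path, start in executable_file_mappings(text):
            users[(dev, inode, path)].setdefault(name, start)
    # Keep only files mapped as code into more than one process.
    return {k: v for k, v in users.items() if len(v) > 1}

if __name__ == "__main__":
    for (dev, inode, path), procs in shared_code(SAMPLE_MAPS).items():
        print(f"{path} (dev {dev}, inode {inode}) is code for:")
        for name, start in procs.items():
            print(f"  {name}: mapped at {start:#x}")
```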
Patent Literature 1 introduces a technique to detect tampered software and recover it. In the technique disclosed in Patent Literature 1, an appliance downloads a program stored in a read-only memory (ROM), that is, a non-volatile memory such as a flash memory, onto a random-access memory (RAM), namely, a volatile memory. Then, the appliance runs the program.
In the case where an error is found in the program in the RAM, the appliance reloads the program from the ROM onto the RAM. In the case where the error is found again in the downloaded program, the appliance switches into another memory bank to directly execute the ROM-stored program.
It is noted that, as conventional techniques, Non Patent Literatures 1 to 3 disclose process controlling techniques.
[Citation List]
[Patent Literature]
[PTL 1]
Japanese Unexamined Patent Application Publication No. 2004-78847
[Non Patent Literature]
[NPL 1]
TCG Mobile Trusted Module Specification version 1.0 Revision 6 (2008)
[NPL 2]
John R. Levine. Translated by Kazuya Sakakibara. “Linkers and Loaders.” Ohmsha, Ltd. (2001)
[NPL 3]
Jonathan B. Rosenberg. Translated by Kunio Yoshikawa. “How Debuggers Work.” ASCII Software Language (1998)